{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54159","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T13:02:52.531Z","datePublished":"2025-12-24T13:07:08.207Z","dateUpdated":"2026-05-11T19:56:37.853Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:56:37.853Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: mtu3: fix kernel panic at qmu transfer done irq handler\n\nWhen handle qmu transfer irq, it will unlock @mtu->lock before give back\nrequest, if another thread handle disconnect event at the same time, and\ntry to disable ep, it may lock @mtu->lock and free qmu ring, then qmu\nirq hanlder may get a NULL gpd, avoid the KE by checking gpd's value before\nhandling it.\n\ne.g.\nqmu done irq on cpu0                 thread running on cpu1\n\nqmu_done_tx()\n  handle gpd [0]\n    mtu3_requ_complete()        mtu3_gadget_ep_disable()\n      unlock @mtu->lock\n        give back request         lock @mtu->lock\n                                    mtu3_ep_disable()\n                                      mtu3_gpd_ring_free()\n                                   unlock @mtu->lock\n      lock @mtu->lock\n    get next gpd [1]\n\n[1]: goto [0] to handle next gpd, and next gpd may be NULL."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/mtu3/mtu3_qmu.c"],"versions":[{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"26ca30516b2c49dd04c134cbdf122311c538df98","status":"affected","versionType":"git"},{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"012936502a9cb7b0604e85bb961eb15e2bb40dd9","status":"affected","versionType":"git"},{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"ee53a7a88027cea765c68f3b00a50b8f58d6f786","status":"affected","versionType":"git"},{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"f26273428657ef4ca74740e578ae45a3be492f6f","status":"affected","versionType":"git"},{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"b636aff94a67be46582d4321d11743f1a10cc2c1","status":"affected","versionType":"git"},{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"3a7d4959560a2ee493ef222e3b63d359365f41ec","status":"affected","versionType":"git"},{"version":"48e0d3735aa557a8adaf94632ca3cf78798e8505","lessThan":"d28f4091ea7ec3510fd6a3c6d433234e7a2bef14","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/mtu3/mtu3_qmu.c"],"versions":[{"version":"5.2","status":"affected"},{"version":"0","lessThan":"5.2","status":"unaffected","versionType":"semver"},{"version":"5.4.243","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.180","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.111","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.28","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.15","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.2","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.4.243"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.10.180"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.15.111"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.1.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.2.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.3.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/26ca30516b2c49dd04c134cbdf122311c538df98"},{"url":"https://git.kernel.org/stable/c/012936502a9cb7b0604e85bb961eb15e2bb40dd9"},{"url":"https://git.kernel.org/stable/c/ee53a7a88027cea765c68f3b00a50b8f58d6f786"},{"url":"https://git.kernel.org/stable/c/f26273428657ef4ca74740e578ae45a3be492f6f"},{"url":"https://git.kernel.org/stable/c/b636aff94a67be46582d4321d11743f1a10cc2c1"},{"url":"https://git.kernel.org/stable/c/3a7d4959560a2ee493ef222e3b63d359365f41ec"},{"url":"https://git.kernel.org/stable/c/d28f4091ea7ec3510fd6a3c6d433234e7a2bef14"}],"title":"usb: mtu3: fix kernel panic at qmu transfer done irq handler","x_generator":{"engine":"bippy-1.2.0"}}}}